hxxps://publissofthelp[.]zendesk[.]com/s[.]id/1OKYQ

Analysis

max time kernel
512s
max time network
581s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 03:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://publissofthelp.zendesk.com/s.id/1OKYQ

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1576	firefox.exe
Token: SeDebugPrivilege	1576	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1576	firefox.exe
1576	firefox.exe
1576	firefox.exe
1576	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1576	firefox.exe
1576	firefox.exe
1576	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 1576	1872	firefox.exe	28
PID 1872 wrote to memory of 1576	1872	firefox.exe	28
PID 1872 wrote to memory of 1576	1872	firefox.exe	28
PID 1872 wrote to memory of 1576	1872	firefox.exe	28
PID 1872 wrote to memory of 1576	1872	firefox.exe	28
PID 1872 wrote to memory of 1576	1872	firefox.exe	28
PID 1872 wrote to memory of 1576	1872	firefox.exe	28
PID 1872 wrote to memory of 1576	1872	firefox.exe	28
PID 1872 wrote to memory of 1576	1872	firefox.exe	28
PID 1872 wrote to memory of 1576	1872	firefox.exe	28
PID 1872 wrote to memory of 1576	1872	firefox.exe	28
PID 1872 wrote to memory of 1576	1872	firefox.exe	28
PID 1576 wrote to memory of 2332	1576	firefox.exe	29
PID 1576 wrote to memory of 2332	1576	firefox.exe	29
PID 1576 wrote to memory of 2332	1576	firefox.exe	29
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2560	1576	firefox.exe	30
PID 1576 wrote to memory of 2836	1576	firefox.exe	31
PID 1576 wrote to memory of 2836	1576	firefox.exe	31
PID 1576 wrote to memory of 2836	1576	firefox.exe	31
PID 1576 wrote to memory of 2836	1576	firefox.exe	31
PID 1576 wrote to memory of 2836	1576	firefox.exe	31

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://publissofthelp.zendesk.com/s.id/1OKYQ"
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://publissofthelp.zendesk.com/s.id/1OKYQ
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1576.0.2062471360\16462653" -parentBuildID 20221007134813 -prefsHandle 1232 -prefMapHandle 1224 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c62f26a-ae71-486a-9858-87b8fdf9bd8f} 1576 "\\.\pipe\gecko-crash-server-pipe.1576" 1308 118d6758 gpu
    3⤵
    PID:2332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1576.1.1645468872\749645730" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd9e0dcc-bc7c-4b04-8baf-26266f3dc983} 1576 "\\.\pipe\gecko-crash-server-pipe.1576" 1512 d72958 socket
    3⤵
    PID:2560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1576.2.1615830510\2039803000" -childID 1 -isForBrowser -prefsHandle 2012 -prefMapHandle 2020 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {321f6ed0-8014-437a-9b57-dc9e21b5c0ff} 1576 "\\.\pipe\gecko-crash-server-pipe.1576" 1980 19ec1158 tab
    3⤵
    PID:2836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1576.3.417112978\2105292964" -childID 2 -isForBrowser -prefsHandle 2820 -prefMapHandle 2816 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98fbe9eb-9c4f-460e-b25b-b9389d4185a9} 1576 "\\.\pipe\gecko-crash-server-pipe.1576" 2832 1c9dcb58 tab
    3⤵
    PID:1032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1576.4.1449443461\1794077810" -childID 3 -isForBrowser -prefsHandle 3580 -prefMapHandle 3560 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {784ae919-d971-46e4-ba93-475aac8810a3} 1576 "\\.\pipe\gecko-crash-server-pipe.1576" 3592 1c6aab58 tab
    3⤵
    PID:1680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1576.5.124133543\1714111564" -childID 4 -isForBrowser -prefsHandle 3604 -prefMapHandle 3472 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {647d99c1-b57d-4b56-a428-93da38164b4a} 1576 "\\.\pipe\gecko-crash-server-pipe.1576" 3560 1e1dae58 tab
    3⤵
    PID:816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1576.6.193692085\292117454" -childID 5 -isForBrowser -prefsHandle 3876 -prefMapHandle 3880 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ae9a269-b4d6-44b7-ac5b-8d7331843019} 1576 "\\.\pipe\gecko-crash-server-pipe.1576" 3864 1e1db458 tab
    3⤵
    PID:948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1576.7.595393021\1002812879" -childID 6 -isForBrowser -prefsHandle 4316 -prefMapHandle 4320 -prefsLen 27207 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {11dbc757-4262-4d0b-bb70-3c30b84953cd} 1576 "\\.\pipe\gecko-crash-server-pipe.1576" 4304 1ec4ec58 tab
    3⤵
    PID:1676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1576.8.482124136\1455511108" -childID 7 -isForBrowser -prefsHandle 4244 -prefMapHandle 8460 -prefsLen 27207 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32076671-ac74-4f72-bbb7-cbafab91dc2d} 1576 "\\.\pipe\gecko-crash-server-pipe.1576" 2428 1e356d58 tab
    3⤵
    PID:820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\cache2\doomed\10039

Filesize
113B

MD5
0d1be9864540a7f2d55ae9061326a6c8

SHA1
b7af2f27ee5d66ad44a7d13400dfa4d12600e66c

SHA256
c7646faee6dcdb06a3c302afba46347829ee230f9c0993f100588ed5bdc95ca7

SHA512
4e31ea31adb1df521f13583f0c607b309c9431ab561b8559708559b6b7bae25f919fc7ab10013d01b0e57264352a27482ffaa8d9ef85c68417a2b97afb8200f7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913

Filesize
9KB

MD5
30cc0da1ee1af3d6bcc3ba5b7841983e

SHA1
d173f05fb4cea6f239645b7b214d12911692a360

SHA256
e417f71092f8ab360a173e9c4005e6f3ef01108f1fad7f6862d05a013424aedb

SHA512
f79648d653cccdcea1d6f30bd0e8360c29b466ea25f808c844ae0f6a0eafd2702eb7934dcb15af52750b96bd79fee67b86c29c5f6a0c85653770cd33ef34e343

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\cache2\entries\17AE96D37487AD4EA63427692522E01F478675B4

Filesize
13KB

MD5
face5fb178ff37abbaa980786d985df6

SHA1
14f975fc8ce751a682f31720639afc5f35d8b459

SHA256
297ddc12175f020857ccebd2a0462d4dafad930208c2e4eaf8c17941c1fe3d40

SHA512
acfda15080d5b634be1c8d7d757acbe65f320c12f32809e4b27580959828632804771053c6f4497adbc831563f96236eed3b07028064bcc652c3c2a4ff7710e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\cache2\entries\1E3866B584D906DD8CB8840AB2070142E2DEA38A

Filesize
15KB

MD5
9c9f508d5486c52b6c7a4dfce3feee8d

SHA1
750e77204f826fcc02efe796d96d215f011615ba

SHA256
cc612952abdf2769432888e480c05c0815911a4987b4ed06a0c1d03cb3cb7170

SHA512
0b13fcfb9c6811b1ab2b0f561256d314564e913de5420c005a14004c6bbe19311062bbbb6eac7b038ef825ed376c7ba126b1514c210fbdeded5b6784a72446dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
7a5614015719f69d21840fc5e96ffebf

SHA1
aa905f35c18b32e45027eca1ffade0c5a662feac

SHA256
cfb6cd73356a3fa15e591250662295686c5e48f2ee568a38864f60aef2be83dc

SHA512
17541d87ff916ba7459ccbd268225ca480e049be65d30510c1a2b13b449607f7633a351867014056d0b1fac1a6e1645470e921f7f8e59383afca7c2496ba3a70

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\cache2\entries\58A50C53477ACCCC270021416A2D343DF2C83532

Filesize
116B

MD5
cd704e2e545c0aaaebc32f4122364bf2

SHA1
9b7283c71da4d62c3047871aa96774d4aeddd736

SHA256
a076aaf1570b9cab49a66b69cca590ef848a46b21720b53a84c58154864827c6

SHA512
9ba369c2efc138f88e9f86e788bf9e2402740866afb82226ce2ce2b7a8bd40072efd8f5fbc48465a109f314b500029de0a37faf03cefdbbe9dc00cdf3d33b146

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\cache2\entries\6F5003D51DF6D9C0D294E284E1733798F3B1230F

Filesize
182B

MD5
ca55a9c97e35cc2f09a7cc34db15a3c9

SHA1
dc28124fb251cdbdf95db120b6a8d2f96af5adf4

SHA256
783d970843c1cd0b0294d3bd36918d95e35353a291f8ee72ed801da60b92a2ea

SHA512
763eced94ca7839338ad54af7136c3f11009a738ab6d832f70868924d26f48f8e19937d5f03c6570e5af5d98c239fb1b768e5c5e7b85399b162c8b63ec5a0d8e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\cache2\entries\7002E71F4F8431A3D59D2158243A0EA278856918

Filesize
13KB

MD5
57ff04ace3112de495af6e1361cb805d

SHA1
ab3c4c6bae70d096bf6eb0eb56391040fe5feced

SHA256
77aa38db4ce4b522001135920cd704cbf245dc5d2cd4e163c1854ca87953833a

SHA512
0356a9091c6f0f0a22965411aa3f4142cd101c257cff2e9f81e1d4d1e6414ea57deaa380d024fc96813be8d5f33d28cba1064812462a40ec03d3f286d083f83e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\cache2\entries\B573808F9B4F64D3E5F0B069BDAA48EF4086E712

Filesize
13KB

MD5
6ec14a10f6a2806f7bfd956c352c27d3

SHA1
8cef0ad6569dcd7eaff64f68b5f5416e00b5d96a

SHA256
e76d251534b9be7492096cd7eef473af9b18b81a3bc1fd6beb0c3cb9a25117ae

SHA512
e4d6330c9d434a4df87e41cc3bd4d8a35d3d677e910d9a4aaa8ddcccb7af914a5aa453466b2564fb4928e220dae10e4f0d8d67a707b6318dcb422fa7be09577c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\cache2\entries\E4BCD80C1A6F3B0B8C76402B457C96DE7F6E19FE

Filesize
30KB

MD5
4cb40ce6c6a85f263453fd10ec13508d

SHA1
63682e9f59d8634d295085c1e031d94df901a26b

SHA256
cd242dd96706f4e3acf3baa72fc9ca2503be0ab750b826fcc937d2cab37e1a29

SHA512
e6933babb6bcc2126fc148757f3157f24781d4f339287639efa19a4c9162b4abc000ece776eb6e8e0a88506aa88b78d9f5c6e94951bdddabe9a2aa3fb15e998b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\cache2\entries\F210D48319A1879FD1C5213FA010C613B99BA085

Filesize
11KB

MD5
db5ec10694cb1bf02fa818f3d65cbebd

SHA1
6af9681af4f0389bf63135ec3bb859af0597ce9a

SHA256
fb94b076779bed7130d8a19a9e0b74b7ab2e7cf42acfd0a574d3840e33912754

SHA512
566147a194dc9e1f14d5619565ac0ca5b40304c80c199ff28945323aa9c52c1c42fc893122447247a50e172c7738efc3c7d6dea46bf53d9d47d9355e2eaf84d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
480KB

MD5
3344d71baddf734b3e47766cae56cdc7

SHA1
a1571d7e55e664d11f5bda057f885fa3103cc950

SHA256
82f17c797ba24ee59ff83a9abc3e7d48a079125f5913ea1fd34227342424fe62

SHA512
5b0c3e0715fa849ec9c677637c59fe8d3420e41801a4d3eb92196991dc3550b74cc9cc2d43578289334354b97131ce6a642172197fe69f0f476330e482e6069f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
b746ce93e20feec7198ff61f44a9b691

SHA1
a339475ea2e37345b2125e28956e49d64e3f8b52

SHA256
cb5829c83d85464b4b76d38b3c6a4edd8c49bbce5ab538cc4157f7bc1b5ce2c5

SHA512
d977bb126bd392f4a4f9547f0e39fc0a6b7d6afe3074fefa33f5665b3e590f49da36dfec91bf7b3626b99bbd923e479aae49092f778bc0f01696dcf364f882ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\bookmarkbackups\bookmarks-2023-12-29_11_IP0qMa7YGB8-YmPILlHtTA==.jsonlz4

Filesize
942B

MD5
890dc77433700cd877fc486cdc73f288

SHA1
65eb0b4e0043e01803cea253dd994713b36ea7e0

SHA256
dc1998ad21d272090ce7a09d500dc6d5820d775cc9de7a20d82705db568a9160

SHA512
ad1e026a5bba67924282a23b2f77ec41e416c4a5f9c686e0494756a2175a30a4e0f739fdc0f57937be7267e2c2b9e58ec4d1a1226180ea373d865169d1878cea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
18de4d4bf401eb4c93645d250a3d4509

SHA1
6ac947f5ed532b076a3a150bb0535146373af2a2

SHA256
3ae127f179fbbb4f7fa099c2c66b69768838915e6d2990aae966d147233c96d5

SHA512
fc823e174270452d9c2017756cd4a53f24c13e3c425c89c98aa8267902558c54d998825e700edd9a4c0faf60adb154bb9ba9ffe78428181eacc89596716aaf4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\datareporting\glean\pending_pings\dcb4b641-bf49-47d5-b5f9-f7ea11bf3ab7

Filesize
733B

MD5
f4de15383e8a31db7115d30a62b9a02f

SHA1
7b0fa8eeddbc934ba6794bd26361b85f54005614

SHA256
d02446a76fc483e608c97c179e33cc3140c71e27515630d25dc7d861f00b9758

SHA512
bc1c76a2e959be9e6f889a79368898c67cb007fa3074c12d9ce7fd794d62c7e6f6e609b634833478386072bbfb8d0ccdecae99e4ebb9b28bd5a4bd336cd86481

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
767KB

MD5
8720a316281f965834bbf95d02ca37d9

SHA1
e3961d2b2580978c58d5deffbeb449b3f7c4af2e

SHA256
a6cbb4f685f0753b38bba66494a0974ed653eaa00172b3e18f52819df638e028

SHA512
f312f9e4196bfe73ac9bc5d709879bc9d6882aa45552438396a7bab0241cf9c36171a9453fab8279b9e3dac116d12e6f59209caed48193f1240a2914e0c4e424

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
191KB

MD5
fe2e5ec496ee0433f8e19b4c8020f0a8

SHA1
924f53fbf2d3f499505e870568c14dd8c154470a

SHA256
a6f4f857d704560ce8bb5bec914d83df713f723830f9a45a61889c1b63273e28

SHA512
e9910933f4e44921a0c3527e4ea730a5f78875c0ff5be4cb445227fde46436c69d0132fcc3e00ac40b30ac4c0890b560cb7b15285993b00f2cc48e94ac41fda2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\prefs-1.js

Filesize
6KB

MD5
090a81fb289bcbd3ddca523885d4b56f

SHA1
802626744633554e943a9c1a0c58480e35553dc4

SHA256
b10dffb5d84426b9736ace61345cd405874d5271621152f1638a551916f9efa4

SHA512
c7781dbe4ff28fb27e35870f00ecd054fd3118ab2d25447477746cdbcc286b4bb3235fe3f035fb22987dc94f9307826febd19329e2509240e2062e8368e19e67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\prefs-1.js

Filesize
7KB

MD5
d5ae9e892a7acb4f977fb7d1574dd6ec

SHA1
a6a33eec7dec9ccd2ad3176eda343c88db2fa46b

SHA256
89876018340c4054c31847b709e16a1d696261bf680adb36f3496f209ca658fe

SHA512
a549a426e2050c5d63826df1beca2a81babbe41dfd3bb87d0e3fc3c69335905671ce6d0a16092bfde49c0376353808c4610813e0aca0588c3c46af3c3b9a8a2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
18f88fb81d60512feb90d53133501c83

SHA1
858c36b3382a0ed19e760411d59af972df777af1

SHA256
fbe8b9c6b5167c26d6c46e7ecc30bd308c1e0fdc63310bcb5c006ce89b699fa0

SHA512
c944731710793baee7428f004c537d7c808d0f25332111e93961b8265d3cb8880f92b95cb3855822c4d47cdb5eb4a08c13c6794a71fccdade25a15d671d7d587

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
ada159142b4cd420b848ac4cf5819efb

SHA1
f3f9448a3267858b2da82c0685f7f546e12a75ff

SHA256
7a84c07fe175a21467bbe33e22ad4ec7f5f77ab4dc988d10dea59f6a028446a3

SHA512
a943e5a4e1925de2ef1914a4a0447646e2224f4de5970283b7845f4bdf1518c14ebceda7368749f77e5073bdbcdc58f265756817e6281c89e1286d6cc6f82aac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
8f5f3e452ac674e409e1e1c8374819b4

SHA1
af007497b56f5306bcdeb810be339d69b9e80200

SHA256
e5edda9fcb4cc71f033d20ea30c3726eaf3db79be3b033bdf58e65b8c207703c

SHA512
46c05df73be4e21e1f32cfe6d4dd7ecf0abc6b59df3e9ab5a7c5577b89df9412dd4acf5e3302e9edb94da7ac83232229cbe4f4834ceceb7ebf5f919b435413f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
2d16ca2ac9dd077b293b5717d3b88f6c

SHA1
6e134a349e83ee7e618beb4e1308ea4a1e4c2635

SHA256
97aaba277cfbfef0a279e53e30217fb476cae719e39d0920e8b72029c60b0dee

SHA512
1b1301f4f4d7b6ce676554dcabf9c8d0c62887ff3a23cd2c0928d6d2ede156de69b24c4a182052e334fbe62d0641de434fbba0dcde4a25aec461c1dc97d569c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
936B

MD5
f5971b1aa2eecefd20862cfedfafa577

SHA1
e0fa5e5fd96daca42d3bb28e6ed98274a4dfe594

SHA256
125defacceef41c9ece2eece7e8b26a19e64389e06b22dc80a3afe666ff557f1

SHA512
a4d6accd8a5fb2cdd701cea0d2d30b5d26f0ea0863e09aa5a9e4fb39d0f43f91f648272fe997186773672c35140c7e7e3b88d84631c59e8cd30eeb61570eae15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
128KB

MD5
f837b5e113703ef9e9ec214c00f4e377

SHA1
bdc800089b280c98a6eadea99b4d682520d1f804

SHA256
7ec03f64026ef8df59b3e4f1ad461e26be742f8d0813c1c541c456df6a4a423e

SHA512
1524d7bd4c5afeda87555d09732c473ed148c33bb519926526f27a871c2c2996d2029a8d6be1a58423b92c2f9082d3512ae3bc470461cd4ec9874187848ed42f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\targeting.snapshot.json

Filesize
3KB

MD5
361f3baafcfad7e8bf5c4c6d2dc3db8f

SHA1
2e418927c105558d6abc6520a0e07544f2ef46e5

SHA256
338892783b49497f40876acc7f741df9bb10317ce28e0cc1d3c3a8312a30b7be

SHA512
80de58f5064b23d29f8b63e9af2b1d4eff4bc0f624028f3091123a092805c39394b3469a50237905d7278e403743043987664aac2e5736027f952bfeea842410

Download Submit